Saturday, January 05, 2008

You must involve someone outside the Marketing Department...

http://www.benedelman.org/news/010408-1.html

Sears Exposes Customer Purchase History in Violation of Its Privacy Policy

January 4, 2008

Want to know what a given customer has purchased from Sears? It's surprisingly easy to find out. Here's the procedure:

1) Go to the Sears "Manage My Home" site, www.managemyhome.com. Create an account and sign in. Screenshot.

2) On the Home menu, choose Home Profile. In the Search Purchase History section, choose Find Your Products. Screenshot.

3) Enter the name, phone number, and street address of the customer whose purchases you wish to view. Press Find Products. Screenshot.

Sears then displays all purchases its database associates with the specific customer -- typically major appliances and other large purchases. See examples from Washington, DC, Brookline, Massachusetts, and Lincoln, Massachusetts.



Stirring up some interesting comments. Likely some certification will be required...

http://it.slashdot.org/article.pl?sid=08/01/04/2244227&from=rss

PI License May Soon Be Required for Computer Forensics

Posted by ScuttleMonkey on Friday January 04, @08:22PM from the geeks-licensed-to-buy-cool-surveillance-gear dept. Security IT

buzzardsbay writes "The good folks over at Baseline Magazine have an intriguing — and worrisome — report on a movement to limit computer forensics work to those who have a Private Investigator license or those who work for licensed PI agencies. According to the story, pending legislation would limit the specialized task of probing deep into computer hard drives, network and server logs for telltale signs of hacking and data theft to the same people who advertise in the Yellow Pages for surveillance on cheating spouses, workers' compensation fraud and missing persons. Those caught practicing computer forensics without a license could face criminal prosecution."



For the IP crowd

http://www.eff.org/deeplinks/2008/01/new-study-copyright-and-creativity-center-social-media

New Study on Copyright and Creativity from the Center for Social Media

Posted by Hugh D'Andrade January 3rd, 2008

Free video hosting sites like YouTube, Yahoo! Video, and Daily Motion are enabling creators to share video instantly with millions of viewers around the world. A new report from the Center for Social Media takes a close look at these user-generated sites, and finds that there is much more at stake than the SNL and Daily Show clips often referenced in the usual Viacom v. YouTube debates on copyright infringement.

... (EFF has published a “best practices” guide that would protect fair uses from being caught in DMCA takedown dragnets.)


...and an interesting business model.

http://techdirt.com/articles/20080102/100856.shtml

Content Industry Could Learn From eBay Seller Turning A Profit With Public Domain Content

from the competing-with-free dept

Last year, Mike made the point that saying you can't compete with free is saying you can't compete, period. Every business makes a profit by adding value so that customers will be willing to pay above marginal cost for its products. The fact that the marginal cost of content (once it's been created) is zero doesn't change that principle. You can add value to free content just like you can add value to any other product. The New York Times Bits blog nicely illustrates this with a post about the market for public domain content on eBay. Apparently, there are a number of people who make a living by finding obscure, copyright-free content on the Internet, burning it on a DVD or other convenient format, and selling it on eBay. Despite the fact that every one of those customers could have tracked down the video for themselves and watched it on their computers, a lot of people are apparently willing to pay for a DVD version.

This business model actually illustrates two good ways to add value to free content. First is convenience. A lot of people don't have a high-speed Internet connection, don't like watching videos on their computer monitors, or want to be able to take their content with them in a compact format. For those users, a DVD is a much nicer format than a file on their computer's hard drive. DVDs are also a much more convenient format for giving gifts: you can wrap a DVD and put it under the Christmas tree, something that's harder to do with a video on YouTube. Second is filtering and organization. There's way more content out there than any one person could possibly watch. So there's a lot of value in helping people separate the wheat from the chaff. That's a big part of the value we provide here at Techdirt: a lot of the information you'll find on our blog comes from other sites, but we try to highlight only the best and most relevant information, helping our readers to keep up with news in the technology world more easily. By the same token, people who sell public domain content on the Internet create value by filtering and organizing the information so it's easier for others to quickly and easily find what they're looking for.

I won't belabor the implications for traditional content industries. Like it or not, their content is available for free on peer-to-peer sites, and if they want to make a profit they're going to have to find ways to make their content more valuable than what you can get with BitTorrent. Two important principles for doing that are: use formats that are convenient and versatile, and make sure content is organized in a way that makes it easy for users to find what they're looking for. That means, for example, that you probably shouldn't cripple your products with DRM or sue companies that help people find your content.



For my Web Site class...

http://www.killerstartups.com/Web-App-Tools/WhatsItsColorcom---The-Complementary-Color-Finder/

WhatsItsColor.com - The Complementary Color Finder

If you’re the type of person who thinks red and green are a good color combination outside of Christmas, or find yellow and pink appealing, then you might want to consider Whats Its Color, a free web app that finds complementary colors for any image you provide. Just upload an image or find one on the web. Whats Its Color will process and break down the colors in the image you’ve selected, and then evaluate the image’s primary and complementary colors. It’ll also give you the image’s top ten unique colors. With the color palette provided, you can create a killer web design, or spruce up that PowerPoint presentation.

http://whatsitscolor.com/

Friday, January 04, 2008

These are not the words of a reasonably competent manager...

http://www.pogowasright.org/article.php?story=20080104063400680

Day-care workers face risk of ID theft, DCF says

Friday, January 04 2008 @ 06:34 AM EST Contributed by: PrivacyNews News Section: Breaches

Thousands of Central Florida day-care-center workers could be at risk of identity theft after burglars stole state computers containing personal information.

Although the theft occurred two months ago, the Florida Department of Children and Families is just now notifying about 1,200 day-care providers that their employees, as well as center operations, may be at risk.

Social Security numbers, birth dates and other information about day-care workers in Orange, Seminole and Osceola counties were among the data on five laptop computers that were stolen from the DCF office near Orlando Fashion Square mall in Orlando on Nov. 7-8.

Source - OrlandoSentinel.com

[From the article:

Officials said they don't know how many day-care employees' records were on the stolen computers.



Why would this program be any different?

http://www.bespacific.com/mt/archives/017015.html

January 03, 2008

DHS OIG Audit of the State of Colorado Homeland Security Grant Program

OIG-08-16 - Audit of the State of Colorado Homeland Security Grant Program (PDF, 35 pages) - New 01/03/2008

  • "...Colorado has not complied with critical Homeland Security Grant Program requirements, as the state has not assured adequate oversight of program activities and compliance with its homeland security strategy. In addition, the state’s internal controls for managing homeland security grant programs, and ensuring sub-grantee compliance and program readiness were ineffective."



Interesting, but would we care if the “Security Ignorati” get crashed?

http://www.infoworld.com/article/08/01/04/Wi-Fi-virus-outbreak-possible-researchers-say_1.html?source=rss&url=http://www.infoworld.com/article/08/01/04/Wi-Fi-virus-outbreak-possible-researchers-say_1.html

Wi-Fi virus outbreak is possible, researchers say

By targeting unsecured wireless routers, criminals could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas

By Robert McMillan, IDG News Service January 04, 2008

If criminals were to target unsecured wireless routers, they could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas like Chicago or New York City, according to researchers at Indiana University.



Ask your techies to make one for you! Besides the e-discovery implications, this is quite useful for those of us who teach at several locations – we can take our “teaching computer” with us.

http://www.baselinemag.com/article2/0,1397,2243255,00.asp?kc=BARSS02129TX1K0000533

Virtual PCs Add New Layer of Security

January 3, 2008

BOSTON (Reuters) - Worried about people accessing your private information whenever you use a public computer?

There is a way to protect yourself: Devices as small as a keychain allow you to use any computer without leaving a trail of evidence.

A new computer program known as MojoPac can turn most flash memory sticks, hard drives or iPods into "virtual" PCs that can run most programs that work on Windows XP.

... The device cannot be bought. You have to make it by downloading free software onto a computer drive such as the thumb-sized USB flash memory drives that were so popular as gifts this Christmas. It also works with iPods, many other digital music players and regular external hard drives.

Once the MojoPac shell is created, users need to install their own software -- just as they would do on a regular PC running Windows XP.

... Other companies are working on similar technology, but there's nothing available with free software that is as easy to set up as MojoPac, according to Enderle.

... MojoPac is available for free on the company's Web site, www.MojoPac.com.

For now it only works with Windows XP, but the company plans to launch a version this summer that allows users to switch between machines running XP and Vista.

PCs that have been locked by administrators so users cannot install files on them won't work with MojoPac unless the administrator first installs a small piece of software that is available on the company's Web site. [Alert your Security Team! Bob]

... While most programs work with MojoPac, one good source for the devices is www.PortableApps.com, a site that specializes in offering programs customized for thumb drives.

It lists more than three dozen programs, including software for fighting viruses, backing up data, surfing the Web and viewing documents. There are also programs for word processing, photo editing, spreadsheets and instant messaging.



Unfortunately, this must be part of Disaster Planning.

http://www.technewsworld.com/rsstory/61040.html

Keeping Tabs on Employees When Disaster Strikes

By Pam Baker TechNewsWorld 01/04/08 4:00 AM PT

"If your key individuals are not at their primary locations to respond to the emergency, a robust, scalable, and reliable mobile solution is critical to get the word out quickly to those tasked with responding to the situation and ensure timely recovery of key business processes," said Frank Mahdavi, chief strategy officer for the emergency notification firm MIR3.

Change may no longer be the only constant; danger is proving omnipresent and therefore a constant variable in enterprise IT planning.

"In today's world where a shooter can walk in the front door of a church and open fire, there is really no place that is safe," Henry Dewing, analyst at Forrester Research told TechNewsWorld. "Companies must take steps to act as responsible guardians of their employee body."



Want to tweak someone?

http://www.bespacific.com/mt/archives/017017.html

January 03, 2008

The National Academy of Sciences: Science, Evolution, and Creationism

"The National Academy of Sciences (NAS) and Institute of Medicine (IOM) today released Science, Evolution, and Creationism, a book designed to give the public a comprehensive and up-to-date picture of the current scientific understanding of evolution and its importance in the science classroom. Recent advances in science and medicine, along with an abundance of observations and experiments over the past 150 years, have reinforced evolution's role as the central organizing principle of modern biology, said the committee that wrote the book."

Click here to download the free PDF of the Science, Evolution, and Creationism summary brochure.



Geek stuff... Note that the Digg Effect has crashed the website. Alternate links are available in the comments...

http://digg.com/linux_unix/68_Linux_Related_Free_E_books_2

68 Linux Related Free E-books

linuxhaxor.net — A comprehensive list of Free Linux related e-books.



Business Model: I've been thinking about a hobby based model ever since I saw “Endless Summer.” Unfortunately, I can't surf, but the concept still intrigues...

http://www.killerstartups.com/User-Gen-Content/MountainReviewscom---Time-to-Hit-the-Slopes/

MountainReviews.com - Time to Hit the Slopes

It’s winter in the northern hemisphere, so besides providing for the perfect excuse for curling up to a warm mug of hot cocoa, some of you will want to hit the slopes. For those of you who love alpine sports, there’s MountainReviews. Here you can find reviews and descriptions of the best places to ski and snowboard in the country. Find the most difficult slopes or search for terrain that’s easy enough for newbies. Additionally, you can search for ski areas in your own region, find photos and videos, and check out the latest snowboarding and skiing news. All reviews come with six different criteria for rating: difficulty, beginner’s rating, intermediate, expert, park, and overall rating. Find a slope that you just adore or hate? Add your own review.

http://www.mountainreviews.com/

Thursday, January 03, 2008

Isn't it amazing that procedures are revised days (hours?) after an incident.

http://www.pogowasright.org/article.php?story=20080102170749849

Robotic Industries Association site hacked; credit card details accessed

Wednesday, January 02 2008 @ 05:07 PM EST Contributed by: PrivacyNews News Section: Breaches

Robotics Industries Association reported that a hacker accessed their administration site for Robotics Online on or about December 10th, gaining access to individual orders that contained credit card information. Seven residents of NH were affected, but national totals were not indicated.

Following the intrusion, the company deleted all credit card information from their site, and temporarily ceased accepting credit card orders.

Source - Robotics Industries Association Notification to NH DOJ [pdf]



Ha! The excuse I predicted! (Again, procedures change immediately.)

http://www.pogowasright.org/article.php?story=20080103070058929

ID info at risk in laptop theft

Thursday, January 03 2008 @ 07:02 AM EST Contributed by: PrivacyNews News Section: Breaches

Officials with one of Utah's largest insurance companies are searching for a stolen laptop containing Social Security numbers and other personal information for about 2,800 people and 1,400 companies.

The computer was taken from a car parked in the home garage of an auditor for the Workers Compensation Fund (WCF) on Dec. 9. But WCF said it chose not to issue a public statement at that time out of fear of alerting anyone that the laptop contained information that could be used for identity thefts.

Source - The Salt Lake Tribune

[From the article:

"As soon as this was discovered, every auditor brought in their laptops so that all information was removed," she said. "And, we've added additional levels of password protection."

The stolen laptop was password protected, she said. But as an additional precaution, auditors are now not allowed to store personal information, such as Social Security numbers, in their laptops and the computer information will be better encrypted.



Here's a legal opinion that won't be imported to the US.

http://www.pogowasright.org/article.php?story=20080102091718346

De: Zypries: Retained data cannot be used in civil cases

Wednesday, January 02 2008 @ 09:17 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

Retained telephone and Internet data may be used only by the police and the public prosecutor's office, says German Justice Minister Brigitte Zypries. "Connection information can assist in the prosecution of terrorists and organized criminals but cannot be used to help the music industry pursue its rights under civil law," said the SPD party politician in an interview with Focus, the German news magazine.

Source - Heise

[From the article:

"Any government that tries to broaden its scope will lose all credibility."

... The music industry, backed by a number of political figures, had demanded access to this data to help pursue its claims for compensation against pirates.


Ditto

http://www.pogowasright.org/article.php?story=20080102191923269

UK: 'Prosecute officials who lose public's details'

Wednesday, January 02 2008 @ 07:19 PM EST Contributed by: PrivacyNews News Section: Breaches

WORKERS in the public and private sectors should face criminal charges if they put the security of personal data at risk through carelessness or impropriety, an influential group of MPs will say today.

Managers should also be obliged to report losses of data and other breaches to the government's information watchdog.

Source - Scotsman.com

Related - Guardian: MPs say losing computer data should be made a crime



Mortgage the house?

http://www.techcrunch.com/2008/01/02/jpmorgan-predicts-2008-will-be-nothing-but-net/

JPMorgan Predicts 2008 Will Be “Nothing But Net”

Erick Schonfeld January 2 2008

JPMorgan’s Internet analyst Imran Khan and his team released a massive 312-page report this morning titled Nothing But Net that paints a bullish picture for the major Internet stocks (Google, Amazon, Yahoo, eBay, Expedia, Salesforce.com, Ominiture, ValueClick, Monster.com, Orbitz, Priceline, CNET, etc.). Some key takeaways:

—Noting that, in 2007, Internet stocks delivered a 14 percent return versus 5 percent for the S&P 500, JPMorgan expects 34 percent earnings growth in 2008 for the Internet stocks it covers versus 8 percent earnings growth for the S&P 500.



Could it be this simple?

http://digg.com/software/Sixty_One_A_Digg_Like_Site_For_Music

Sixty One, A Digg Like Site For Music

thesixtyone.com — If Guitar Hero™ is about shredding, Then Sixty One is about scouting. Musicians upload music and listeners decide which songs go on the homepage.

http://www.thesixtyone.com/hot/



A whale of a deal for my Wise old Owls, Loon-y, Legal Eagle – even “Ash-breasted Tit-tyrant” (honest!) friends...

http://hosted.ap.org/dynamic/stories/E/ENVIRONMENTAL_RINGTONES?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Wildlife Ringtones Reach Milestone

By SUSAN MONTOYA BRYAN

Associated Press Writer Jan 3, 5:09 AM EST

ALBUQUERQUE, N.M. (AP) -- With the new year comes a new Web site and new ringtones featuring the growls, bugles and chirps of dozens of rare and endangered species from around the globe.

Center for Biological Diversity: http://www.biologicaldiversity.org

Endangered Species Ringtones: http://www.rareearthtones.org

Wednesday, January 02, 2008

This is interesting in that the principal is assuming the worst instead of trying to minimize the incident.

http://www.todayonline.com/articles/230068.asp

Laptops, student data missing after school break-in

Teo Xuanwei xuanwei@mediacorp.com.sg Singapore News // Wednesday, January 2, 2008

The culprits of a break-in on Monday could have taken far more than just the three laptops they stole from Camford Business School.

But the ones they took contained the data of the school's students.

In an email sent to Today, Mr Indra, the school's principal, said he wanted to raise the alarm on the theft.

"The culprit was not interested in any of our assets except for our students' data.

"The computers that contained our student data were missing. Others were all left untouched," he said.



http://www.pogowasright.org/article.php?story=2008010206495223

UK: Stores accused over CCTV records

Wednesday, January 02 2008 @ 06:49 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

Thousands of innocent people could be unwittingly branded as “thieves and drug addicts” by shops.

Detailed files on customers, which include pictures taken from CCTV footage, are being held by some supermarkets purely on the basis that a person may be acting suspiciously, [Somewhat subjective? Bob] regardless of whether they have been caught committing a crime.

Source - EDP24

[From the article:

One victim, schoolboy Steven Hawkes, 13, found out he was on file at Tesco in Dereham, after several employees of the store told him and his family he had been blacklisted.

... “When I went to the store and tried to find out what was going on they said they only kept files on 'shoplifters and drug addicts' so I had to ask which one they thought my son was in. Eventually they admitted he hadn't done anything but looked suspicious.



At last, some push-back?

http://www.telegraph.co.uk/opinion/main.jhtml;jsessionid=FWNUFJIWHJMXJQFIQMFSFFOAVCBQ0IV0?xml=/opinion/2008/01/01/do0101.xml

We have everything to fear from ID cards

By Andrew O'Hagan Last Updated: 12:01am GMT 01/01/2008

We start the year in Britain with a challenge to our essential nature, for 2008 might turn out to be the year when we decide to rip up the Magna Carta.

Among the basic civil rights in this country, there has always been, at least in theory, an inclination towards liberal democracy, which includes a tolerance of an individual's right to privacy.

... Britain is already the most self-watching country in the world, with the largest network of security cameras; a new study suggests we are now every bit as poor at protecting privacy as Russia, China and America.

But surveillance cameras and lost data will prove minuscule problems next to ID cards, which will obliterate the fundamental right to walk around in society as an unknown.


Related... Will inability to read your license be probable cause for a traffic stop?

http://www.pogowasright.org/article.php?story=20080101192101421

Government Making It Easier To Steal Your Identity

Tuesday, January 01 2008 @ 07:21 PM EST Contributed by: PrivacyNews News Section: REAL ID

Electronic monitoring of motorists will soon expand dramatically as states including Arizona, Michigan, Vermont and Washington begin to use radio frequency identification (RFID) chips in drivers' licenses. These electronic chips broadcast the identity of any card holder to any chip-reading sensor within a minimum of thirty feet. The US Department of Homeland Security is promoting the tracking projects as part of its Western Hemisphere Travel Initiative.

Source - Gather



Perhaps you should convert those 5.25 floppies? (Comments are convinced this is just another way Microsoft is forcing users to buy an upgrade...)

http://it.slashdot.org/article.pl?sid=08/01/01/137257&from=rss

Office 2003 Service Pack Disables Older File Formats

Posted by Zonk on Wednesday January 02, @12:29AM from the always-so-helpful dept. Microsoft Software IT

time961 writes "In Service Pack 3 for Office 2003, Microsoft disabled support for many older file formats. If you have old Word, Excel, 1-2-3, Quattro, or Corel Draw documents, watch out! They did this because the old formats are 'less secure', which actually makes some sense, but only if you got the files from some untrustworthy source. Naturally, they did this by default, and then documented a mind-bogglingly complex workaround (KB 938810) rather than providing a user interface for adjusting it, or even a set of awkward 'Do you really want to do this?' dialog boxes to click through. And of course because these are, after all, old file formats ... many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives."



Good news / bad news? Perhaps I could index Centennial-Man and publish it as a work of fiction?

http://hosted.ap.org/dynamic/stories/B/BUSINESS_OF_LIFE?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Got a Manuscript? Publishing Now a Snap

By CANDICE CHOI Associated Press Writer Jan 2, 8:29 AM EST

NEW YORK (AP) -- Getting a book published isn't the rarefied literary feat it once was.

... On-demand publisher Lulu.com has churned out 236,000 paperbacks since it opened in 2002, and its volume of new paperbacks has risen each month this year, hitting 14,745 in November. Retail giant Amazon.com got into the game this summer, offering on-demand publishing through its CreateSpace, which was already letting filmmakers and musicians burn DVDs and CDs.

... Unlike vanity publishing, in which aspiring authors pay to have their books run on traditional presses, on-demand publishing doesn't have to cost writers a cent.

... The system also allows small businesses to print high-end brochures, screenwriters to shop their scripts around and others to assemble wedding and other special-event books for friends and family.

On the Net:

http://www.Lulu.com

http://www.Blurb.com

http://www.createspace.com



I can't say I see the importance of some of these, but then, that's why I read these lists....

http://www.smh.com.au/news/technology/ten-things-that-will-change-your-future/2007/12/31/1198949747758.html

Ten things that will change your future

January 1, 2008

So Google and Wikipedia took you by surprise? Nick Galvin looks into his crystal ball and explains what you need to know to survive the next decade.

Tuesday, January 01, 2008

Clearly the goal isn't security. Perhaps it isn't even the appearance of security. But clearly it allows tracking (inventorying) of the second class... Note: If this technology allows “reading” of the card without the traveler even taking it from his pocket (and it does), will the Border Guards feel any need to actually look at the document?

http://www.bespacific.com/mt/archives/016990.html

December 31, 2007

CDT: Passport Card Rule Will Weaken Border Security and Privacy

"Today, the Department of State released a final rule for the new "Passport Card," which is intended to be used by American citizens who frequently travel by land or sea to Canada, Mexico, the Caribbean, and Bermuda. The new rule calls for the use of "vicinity read" RFID technology without the use of encryption. This means the card will be able to be read remotely, at a long distance. CDT strongly objected to the use of this technology--developed for tracking inventory, not people--because it is inherently insecure and poses threats to personal privacy, including identity theft, location tracking by government and commercial entities outside the border control context, and other forms of mission creep."



Tools and techniques:

http://digg.com/security/Eavesdropping_on_Bluetooth_headsets_with_Linux

Eavesdropping on Bluetooth headsets with Linux

hackszine.com — Few users realize that Bluetooth headsets can be exploited granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call. SANS Institute author and senior instructor Joshua Wright demonstrates.

http://www.hackszine.com/blog/archive/2007/12/eavesdropping_on_bluetooth_hea.html



You don't have to understand a technology to misuse it.

http://it.slashdot.org/article.pl?sid=07/12/31/2041205&from=rss

The Rising Barcode Security Threat

Posted by ScuttleMonkey on Monday December 31, @06:23PM from the what's-in-a-number dept. Security Software

eldavojohn writes "As more and more businesses become dependent on barcodes, people are pointing out common problems involving the security of one- or two-dimensional barcode software. You might scoff at this as a highly unlikely hacking platform but from the article, 'FX tested the access system of an automatically operated DVD hire shop near his home. This actually demanded a biometric check as well, but he simply refused it. There remained a membership card with barcode, membership number and PIN. After studying the significance of the bar sequences and the linear digit combinations underneath, FX managed to obtain DVDs that other clients had already paid for, but had not yet taken away. Automated attacks on systems were also possible, he claimed. But you had to remember not to use your own membership number.' The article also points out that boarding passes work on this basis — with something like GNU Barcode software and a template of printed out tickets, one might be able to take some nice vacations."



Craftsman Rootkits require Craftsman Class Action lawyers!

http://www.infoworld.com/article/07/12/31/Researcher-says-Sears-downloads-spyware_1.html?source=rss&url=http://www.infoworld.com/article/07/12/31/Researcher-says-Sears-downloads-spyware_1.html

Researcher says Sears downloads spyware

Sears and Kmart customers who sign up for the My SHC marketing program could, in essence, be stuck with spyware without notification, a Harvard professor says

By Robert McMillan, IDG News Service December 31, 2007

Sears and Kmart customers who sign up for a new marketing program may be giving up more private information than they'd bargained for, a prominent anti-spyware researcher claims.

According to Harvard Business School Assistant Professor Ben Edelman, Sears Holdings' My SHC Community program falls short of U.S. Federal Trade Commission (FTC) standards [..and that's hard to do! Bob] by failing to notify users exactly what happens when they download the company's marketing software.

And given the invasive nature of the product, Sears has an obligation to make its behavior clearer to users. "The software is not something you'd want on your computer or the computer of anyone you care about," Edelman said in an interview. "It tracks every site you go to, every search you make, every product you buy, and every product you look at but don't buy. It's just spooky."

Edelman has written up an analysis of Sears's software, set to be made public on Tuesday.



Always something useful

http://www.bespacific.com/mt/archives/016986.html

December 31, 2007

New on LLRX.com

  • FOIA Facts: FOIA - The Year in Review, by Scott A. Hodes

  • CongressLine: The Committee Markup, Paul Jenks



Your tax dollars at work... No doubt the TV industry will be paid 'per coupon issued' rather than for the coupons used.

http://hosted.ap.org/dynamic/stories/D/DIGITAL_TV?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Feds Share Coupons to Help TV Transition

By JOHN DUNBAR Associated Press Writer Dec 31, 6:18 PM EST

WASHINGTON (AP) -- Millions of $40 government coupons become available Tuesday to help low-tech television owners buy special converter boxes for older TVs that might not work after the switch to digital broadcasting.

Beginning Feb. 18, 2009, anyone who does not own a digital set and still gets their programming via over-the-air antennas will no longer receive a picture.

Monday, December 31, 2007

“We don't need no stinking security!”

http://www.pogowasright.org/article.php?story=2007123008482623

(update) Computer heist puts voter IDs in danger

Sunday, December 30 2007 @ 08:51 AM EST Contributed by: PrivacyNews News Section: Breaches

The names, addresses and complete Social Security numbers of more than 337,000 Davidson County voters may be in the hands of thieves, Metro election officials said Friday.

... Election officials had said earlier in the week that the computers stolen over the Christmas holiday from the Metro Election Commission offices at Howard School Building, 800 Second Ave. S., contained voters' partial Social Security numbers, along with other personal information.

"As we looked deeper … we now know that full Social Security numbers were included on the voter files contained on one or more of the stolen computers," county Election Administrator Ray Barrett said.

Source - Tennessean.com

[From the article:

It wasn't the only break-in of a public building over the holiday. Several laptop computers and a desktop computer were stolen from the state Safety Department's information technology building in south Nashville on Christmas Eve or Christmas Day.

The agency issues Tennesseans handgun-carry permits, and in the past it has overseen the unit that issues drivers' licenses. However, Safety Department officials said they believe personal information was not compromised, because nearly all of the computers were taken from a repair office and their memories are believed to be blank. [How about their hard drives? Bob]



...because.

http://www.pogowasright.org/article.php?story=20071231081602333

Data “Dysprotection:” breaches reported last week

Monday, December 31 2007 @ 08:16 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Anyone who would like this protection can apply for Ordination in the Church of the Suppressed Evidence for a mere $19.95

http://www.pogowasright.org/article.php?story=20071231082851569

FL: Pastor had a reasonable expectation of privacy in his church office computer

Monday, December 31 2007 @ 08:28 AM EST Contributed by: PrivacyNews News Section: In the Courts

Search of a church office computer of the pastor was unconstitutional. The operational realities of the workplace are to be considered. And, the defendant had a subjective expectation of privacy in his office computer. The fact that his superiors in the church could enter the office did not mean that the police could, too. State v. Young, 2007 Fla. App. LEXIS 20515 (Fla. App. 1DCA December 26, 2007)

Source - FourthAmendment.com

[From the case:

The events leading to the search of Young’s office and computer began when the church administrator received a call from the church’s internet service provider.

A representative from that company informed the church administrator that spam had been linked to the church’s internet protocol address. In response to this call, the church administrator ran a “spybot” program on the church’s computers. [Holy Hacking, Batman! Bob] She testified that when she ran the program on Young’s computer, she saw “some very questionable web site addresses.” The church administrator then contacted a member of the staff parish and an information technology (IT) person to set up a time to have the computer examined.

... When a computer is involved, relevant factors include whether the office has a policy regarding the employer’s ability to inspect the computer, whether the computer is networked to other computers, and whether the employer (or a department within the agency) regularly monitors computer use.



Nice simple overview of Data Mining...

http://www.bespacific.com/mt/archives/016979.html

December 30, 2007

Recent CRS Reports: Tanzania, Data Mining and Homeland Security, Egypt, China and WMD



Worth looking at... (Includes a pointer to the complete list)

http://slashdot.org/article.pl?sid=07/12/31/0550227&from=rss

Google Products You Forgot All About

Posted by Zonk on Monday December 31, @02:27AM from the hiding-in-plain-sight dept. Google The Internet

Googling Yourself writes "Lifehacker has an interesting blog post on the 'Top 10 Google Products You Forgot All About' that includes stalwarts like Google Trends and Google Alerts and a few others that may not be quite so familiar like Google Personals, Google's WYSIWYG web site creation tool, and Flight Simulator for Google Earth."

Sunday, December 30, 2007

No doubt they track the preferences of their listeners...

http://www.pogowasright.org/article.php?story=20071229152113130

Montgomery Man's Personal Information on Missing Military Computer

Saturday, December 29 2007 @ 03:21 PM EST Contributed by: PrivacyNews News Section: Breaches

J.J. Evans spent 24 years in the Air Force protecting our country. Now he's angry because he says the military didn't protect his personal information. He says, "When you trust someone with that, you expect better."

Air Force officials sent Evans a letter detailing how a military laptop computer is missing and it contains personal information including social security numbers, birth dates, addresses, and telephone numbers of active and retired Air Force members. "When someone gets a hold of a computer, they can wreck things," Evans says.

The laptop belonged to an Air Force band member at Bolling Air Force Base in Washington D.C. He reported it missing from his home. Evans questions why a band member would have a computer that contained personal information. He says, "I can't think of anything job related reason."

Source - WSFA

Note: In earlier coverage, Air Force officials indicated that the data for 10,501 people were on the computer.



Who signs off on these decisions?

http://www.pogowasright.org/article.php?story=200712291144542

Update: Adobe Replies To Privacy Spy Concerns

Saturday, December 29 2007 @ 11:44 AM EST Contributed by: PrivacyNews News Section: Businesses & Privacy

Yesterday we wrote about Adobe (Nasdaq: ADBE) and their potential spying on CS3 customers. The questions were based on screenshots showing a domain "2o7.net" which is owned by tracking firm Omniture. The screenshot (posted below again) shows what appears to be an internal IP address, which it's not. Why would Adobe try to hide the tracking with a fake IP address?

John Nack, Adobe Photoshop product manager has provided a reply to the privacy concerns. He mentions that Adobe is closed this week and so his reply is the best he could find out while everyone else is away.

.... So John, let me throw it back over to - you note that I can opt-out of the tracking. Where in the installation process is the opt-out screen? Can you post a screenshot of the opt-out screen on installation? And why does Adobe try to hide the tracking by using a fake IP address? Don't say because that's how Omniture said to set it up. Thanks!

Source - CenterNetworks



http://www.pogowasright.org/article.php?story=20071229183008952

The 2007 International Privacy Ranking

Saturday, December 29 2007 @ 06:30 PM EST Contributed by: PrivacyNews News Section: Other Privacy News

Each year since 1997, the US-based Electronic Privacy Information Center and the UK-based Privacy International have undertaken what has now become the most comprehensive survey of global privacy ever published. The Privacy & Human Rights Report surveys developments in 70 countries, assessing the state of surveillance and privacy protection.

The most recent report published in 2007, available at http://www.privacyinternational.org/phr, is probably the most comprehensive single volume report published in the human rights field. The report runs over 1,100 pages and includes 6,000 footnotes. More than 200 experts from around the world have provided materials and commentary. The participants range from eminent privacy scholars to high-level officials charged with safeguarding constitutional freedoms in their countries. Academics, human rights advocates, journalists and researchers provided reports, insight, documents and advice. In 2006 Privacy International took the decision to use this annual report as the basis for a ranking assessment of the state of privacy in all EU countries together with eleven non-EU benchmark countries. Funding for the project was provided by the Open Society Institute (OSI) and the Joseph Rowntree Reform Trust. Follow this link for more details of last year's results.

The new 2007 global rankings extend the survey to 47 countries (from the original 37) and, for the first time, provide an opportunity to assess trends.

The intention behind this project is two-fold. First, we hope to recognize countries in which privacy protection and respect for privacy is nurtured. This is done in the hope that others can learn from their example. Second we intend to identify countries in which governments and privacy regulators have failed to create a healthy privacy environment. The aim is not to humiliate the worst ranking nations, but to demonstrate that it is possible to maintain a healthy respect for privacy within a secure and fully functional democracy.

Source - Privacy International: Leading surveillance societies in the EU and the World 2007

Related - Globe and Mail: Canada leads world in privacy: report



These are either the basis for security policy guidelines or a list of Class Action triggers...

http://www.pogowasright.org/article.php?story=200712291140306

IT and the Changing Privacy Landscape: Eight Areas to Watch in '08

Saturday, December 29 2007 @ 11:40 AM EST Contributed by: PrivacyNews News Section: Other Privacy News

In the waning days of the 20th century, privacy was more a marketing hook than an obligation, focused on customer preference and features to help companies earn a competitive edge. Privacy today is a concept more closely associated with the potential for abuse and the very real threat of inappropriate access or exposure, identity theft and fraud—with the responsibility resting squarely on the shoulders of any organization handling personal information for consumers, customers, employees or business partners.

Source - CIO



Clearly this is a trend. Is there a market for a more elaborate method of searching than Google provides?

http://www.bespacific.com/mt/archives/016968.html

December 29, 2007

Massachusetts Cases From 1986-1996 Now Online

Massachusetts Trial Court Law Libraries Blog: "We are pleased to announce the availability of all Supreme Judicial Court and Mass. Appeals Court cases from 1986-1996 at http://masscases.com. Cases are accessible by citation, case name, or through a Google custom search on the site. The collection also includes hundreds of the most-cited older Mass. cases."

[Even this Google tool: http://www.micropersuasion.com/2007/12/become-a-knowle.html ]



You could start from scratch, but why re-invent?

http://www.bespacific.com/mt/archives/016967.html

December 29, 2007

Draft Guide for Assessing the Security Controls in Federal Information Systems

SP 800-53 A - DRAFT Guide for Assessing the Security Controls in Federal Information Systems: "NIST announces the release of Draft Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems. This final public draft provides comprehensive assessment procedures for all security controls in NIST Special Publication 800-53 (as amended) and important guidance for federal agencies in building effective security assessment plans. Comments will be accepted until January 31, 2008... Final publication of NIST Special Publication 800-53A is expected in March 2008."



Tools & Techniques

http://digg.com/tech_news/5_Disposable_Web_Accounts_to_Keep_Your_Identity_Safe

5 “Disposable” Web Accounts to Keep Your Identity Safe

makeuseof.com — Fed up with spam? Tired of telemarketing calls? Feelin' paranoid about identity theft? … Here you'll find a bunch of "throwaway" web tools that can help you out.

http://www.makeuseof.com/tag/5-disposable-web-accounts-to-keep-your-identity-safe/



Interesting, but I'm not certain the studios will recognize this as a threat. Consider a parallel. High school kids produce the plays of Shakespeare (Greek tragedy, Aesop's Fables, etc.) and distribute them free...

http://slashdot.org/article.pl?sid=07/12/29/1638236&from=rss

Writers Guild Members Look to Internet Distribution

Posted by Soulskill on Saturday December 29, @12:24PM from the playing-nice-with-others dept. Media The Internet

stevedcc writes "The Guardian is running an article about members of the Writer's Guild, still on strike, creating their own ventures to deliver content over the internet. The intention is to get their work to consumers while bypassing the movie studios. Their effort will include actors and directors, and it is not the first step they have taken to expand their interests during the strike. One particular project is said to include A-list talent, and will be released in roughly 50 daily segments before going to DVD. This is also relevant to the strike because, as the article states, 'at the core of the current dispute is the question of how to reimburse writers for work that is distributed on the internet.'"



Have they lost it entirely?

http://yro.slashdot.org/article.pl?sid=07/12/30/059223&from=rss

RIAA Now Filing Suits Against Consumers Who Rip CDs

Posted by Zonk on Sunday December 30, @08:31AM from the because-we-needed-another-reason-to-be-cranky-at-them dept. Music Businesses

mrneutron2003 writes "With this past week's announcement by Warner to release its entire catalog to Amazon in MP3 format with no Digital Rights Management, you would think that the organization that represents them, The RIAA, would begin changing its tune. Instead, they are pressing on in their campaign against consumers by suing individuals who merely rip CDs they've purchased legally. 'The industry's lawyer in the case, Ira Schwartz, argues in a brief filed earlier this month that the MP3 files Howell made on his computer from legally bought CDs are "unauthorized copies" of copyrighted recordings.'"



Because you can never have enough...

http://www.killerstartups.com/User-Gen-Content/Comicwondercom---User-submitted-Audio-Jokes/

Comicwonder.com - User-submitted Audio Jokes

Here's a site that will come in handy for the ever-present uncle who has been telling the same jokes for the past 20 years. Comicwonder.com is a community of jokers who submit audio jokes which can later be heard or shared by other community members by pasting HTML code into their respective sites, social networking profiles or blogs. Each joke is presented on an individual page and is played with a fast-loading Flash player, and as each joke can be tagged, users can browse the site by joke category (wife, kids, cowboy, cannibal, priests, bar, dog, woman, blonde, etc.). Additionally, jokes can be commented on and rated, which is a rather vital issue, as there is an ongoing contest to find "the best joke teller on the planet", with a $2,500 cash prize. In order to record a joke on ComicWonder, users have to indicate their phone number, and will later receive a call from the system which will guide them through recording, in order to ensure adequate playback quality.

http://comicwonder.com/